Privacy and Data Protection are interrelated concepts that involve complex statutory, regulatory and common law requirements and restrictions. Privacy and data breaches - whether accidental or intentional - are frequent front-page news stories that damage corporate reputations and have led to an increasing number of class action lawsuits.

Federal, provincial and municipal legislation across Canada sets out rules governing collection, use, storage, security, disclosure and disposal of personal information by private sector organizations as well as government bodies and institutions. Some provinces have also created statutory torts that create liability for violations of privacy even without proof of damages. In addition, virtually every jurisdiction in Canada has specific legislation applicable to personal health information, and some organizations (e.g., financial institutions) must comply with sector-specific statutes and/or regulatory guidelines.

Furthermore, litigation related to privacy and data protection issues has become common, with claims encompassing recognized causes of action such as negligence, breach of contract, statutory breach and "intrusion upon seclusion," as well as potential new torts like "publicity given to private life" and the more amorphous "breach of privacy".

Understanding and complying with such multifaceted and often overlapping obligations and restrictions can be difficult. However, with cybersecurity incidents and other breaches on the rise, organizations cannot afford to ignore this high risk area.

McMillan's Privacy & Data Protection Group helps clients examine the impact of privacy and data protection laws and regulatory requirements upon their businesses and implement measures to reduce risks. Our lawyers understand the laws and their impact on day-to-day business activities, including in areas with specific sensitivities, such as online privacy and data protection, youth privacy, health privacy, employee privacy, cross-border data transfers (including cloud computing), and use of personal information for secondary marketing purposes.

We help clients understand how they can balance compliance with innovation, employer rights, and business needs.